From 90e1b5a7a0539d5a4a2578086e7f16f3b41a0616 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Mar 2026 09:45:50 +0000 Subject: [PATCH] ci(deps): Bump actions/upload-artifact from 4 to 7 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 7. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4...v7) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/argus-phase-27-deep-analysis.yml | 8 ++++---- .github/workflows/automated-audit.yml | 2 +- .github/workflows/code-review.yml | 2 +- .github/workflows/dependency-review.yml | 2 +- .github/workflows/health-check.yml | 2 +- .github/workflows/hotfix-ci.yml | 2 +- .github/workflows/hybrid-security-scan.yml | 2 +- .github/workflows/integration-tests.yml | 4 ++-- .github/workflows/post-deploy-scan.yml | 2 +- .github/workflows/publish-container.yml | 2 +- .github/workflows/release-ci.yml | 2 +- .github/workflows/release-day60.yml | 8 ++++---- .github/workflows/scorecard.yml | 2 +- .github/workflows/security-regression.yml | 2 +- .github/workflows/semgrep.yml | 2 +- .github/workflows/smoke-test.yml | 2 +- .github/workflows/test.yml | 2 +- .github/workflows/tests.yml | 2 +- action.yml | 4 ++-- 19 files changed, 27 insertions(+), 27 deletions(-) diff --git a/.github/workflows/argus-phase-27-deep-analysis.yml b/.github/workflows/argus-phase-27-deep-analysis.yml index 0344684..7ff16fc 100644 --- a/.github/workflows/argus-phase-27-deep-analysis.yml +++ b/.github/workflows/argus-phase-27-deep-analysis.yml @@ -77,7 +77,7 @@ jobs: upload-reports: true - name: Upload Deep Analysis Report - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 if: always() with: name: phase-27-conservative-report @@ -114,7 +114,7 @@ jobs: enable-remediation: true - name: Upload Full Analysis Report - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 if: always() with: name: phase-27-full-weekly-report-${{ github.run_number }} @@ -169,7 +169,7 @@ jobs: upload-reports: true - name: Upload Manual Analysis Report - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 if: always() with: name: phase-27-manual-analysis-${{ github.run_number }} @@ -215,7 +215,7 @@ jobs: cp -r .argus/reviews/* benchmarks/conservative/ - name: Upload Benchmark Comparison - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: phase-27-benchmark-comparison-${{ github.run_number }} path: benchmarks/ diff --git a/.github/workflows/automated-audit.yml b/.github/workflows/automated-audit.yml index 06f2d40..c0a1a0d 100644 --- a/.github/workflows/automated-audit.yml +++ b/.github/workflows/automated-audit.yml @@ -104,7 +104,7 @@ jobs: security - name: Upload Audit Reports - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: audit-report-${{ matrix.repository }} path: target-repo/audit-reports/ diff --git a/.github/workflows/code-review.yml b/.github/workflows/code-review.yml index 188b066..adb846e 100644 --- a/.github/workflows/code-review.yml +++ b/.github/workflows/code-review.yml @@ -299,7 +299,7 @@ jobs: echo "review_type=$REVIEW_TYPE" >> $GITHUB_OUTPUT - name: Upload Review Reports - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: code-review-reports-${{ github.run_number }} path: .argus/reviews/ diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index e28dc6c..00e98ef 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -90,7 +90,7 @@ jobs: - name: Upload pip-audit results if: always() - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: pip-audit-results path: pip-audit.json diff --git a/.github/workflows/health-check.yml b/.github/workflows/health-check.yml index c031fd9..99f4e2e 100644 --- a/.github/workflows/health-check.yml +++ b/.github/workflows/health-check.yml @@ -169,7 +169,7 @@ jobs: - name: Upload health check report if: always() && inputs.save-report - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: health-check-report-py${{ inputs.python-version }} path: health-report.json diff --git a/.github/workflows/hotfix-ci.yml b/.github/workflows/hotfix-ci.yml index 164cffb..48fe8bb 100644 --- a/.github/workflows/hotfix-ci.yml +++ b/.github/workflows/hotfix-ci.yml @@ -167,7 +167,7 @@ jobs: echo "✅ Hotfix SBOM generated" - name: Upload artifacts - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: hotfix-artifacts path: | diff --git a/.github/workflows/hybrid-security-scan.yml b/.github/workflows/hybrid-security-scan.yml index 39e4872..99b6679 100644 --- a/.github/workflows/hybrid-security-scan.yml +++ b/.github/workflows/hybrid-security-scan.yml @@ -186,7 +186,7 @@ jobs: - name: Upload Results as Artifacts if: always() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: hybrid-security-results-${{ github.run_id }} path: .argus/hybrid-results/ diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml index cce13d0..eb52d91 100644 --- a/.github/workflows/integration-tests.yml +++ b/.github/workflows/integration-tests.yml @@ -107,7 +107,7 @@ jobs: - name: Upload test results if: always() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: integration-test-results-${{ matrix.python-version }} path: | @@ -205,7 +205,7 @@ jobs: - name: Upload regression test results if: always() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: regression-test-results path: regression-test-results.xml diff --git a/.github/workflows/post-deploy-scan.yml b/.github/workflows/post-deploy-scan.yml index 13242b7..b25601c 100644 --- a/.github/workflows/post-deploy-scan.yml +++ b/.github/workflows/post-deploy-scan.yml @@ -93,7 +93,7 @@ jobs: - name: Upload results if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: post-deploy-scan-results path: | diff --git a/.github/workflows/publish-container.yml b/.github/workflows/publish-container.yml index 208a204..302bd7b 100644 --- a/.github/workflows/publish-container.yml +++ b/.github/workflows/publish-container.yml @@ -80,7 +80,7 @@ jobs: output-file: sbom.spdx.json - name: Upload SBOM artifact - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: container-sbom path: sbom.spdx.json diff --git a/.github/workflows/release-ci.yml b/.github/workflows/release-ci.yml index abefa72..cd53fb5 100644 --- a/.github/workflows/release-ci.yml +++ b/.github/workflows/release-ci.yml @@ -203,7 +203,7 @@ jobs: echo "✅ SBOM signed with keyless OIDC (verifiable via Rekor transparency log)" - name: Upload artifacts - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: release-artifacts path: | diff --git a/.github/workflows/release-day60.yml b/.github/workflows/release-day60.yml index cdeb3d7..bf3a679 100644 --- a/.github/workflows/release-day60.yml +++ b/.github/workflows/release-day60.yml @@ -85,7 +85,7 @@ jobs: python3 scripts/argus gate --stage release --input findings_scored.json - name: Upload findings artifact - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: security-findings path: findings_scored.json @@ -122,7 +122,7 @@ jobs: echo "path=sbom-${VERSION}.json" >> $GITHUB_OUTPUT - name: Upload SBOM artifact - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: sbom path: sbom-*.json @@ -171,7 +171,7 @@ jobs: $SBOM_FILE - name: Upload signed artifacts - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: signed-release path: | @@ -249,7 +249,7 @@ jobs: cat release-report-${VERSION}.md - name: Upload report - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: release-report path: release-report-*.md diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index aa31f55..95c7331 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -54,7 +54,7 @@ jobs: # Upload results as artifact for review - name: Upload Scorecard Results - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: scorecard-results path: results.sarif diff --git a/.github/workflows/security-regression.yml b/.github/workflows/security-regression.yml index 502a1c1..ef471c6 100644 --- a/.github/workflows/security-regression.yml +++ b/.github/workflows/security-regression.yml @@ -68,7 +68,7 @@ jobs: - name: Upload test results if: always() && steps.check_tests.outputs.has_tests == 'true' - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: regression-test-results path: tests/security_regression/latest_results.json diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml index bda13cb..7f7de7b 100644 --- a/.github/workflows/semgrep.yml +++ b/.github/workflows/semgrep.yml @@ -84,7 +84,7 @@ jobs: # Upload results as artifact - name: Upload Semgrep Results if: always() - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: semgrep-results path: semgrep-results.sarif diff --git a/.github/workflows/smoke-test.yml b/.github/workflows/smoke-test.yml index 44eb66c..e4cab05 100644 --- a/.github/workflows/smoke-test.yml +++ b/.github/workflows/smoke-test.yml @@ -224,7 +224,7 @@ jobs: - name: Upload Smoke Test Artifacts if: always() - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: smoke-test-reports-${{ matrix.mode }}-${{ matrix.provider }} path: test-repo/.argus/reviews/ diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 52a4b31..90fa4c2 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -66,7 +66,7 @@ jobs: - name: Upload coverage report if: matrix.python-version == '3.12' && always() - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: coverage-report path: htmlcov/ diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index d8995ed..8abc37a 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -55,7 +55,7 @@ jobs: - name: Upload coverage to artifacts if: matrix.python-version == '3.10' - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: coverage-report path: htmlcov/ diff --git a/action.yml b/action.yml index 6bcb382..47c7015 100644 --- a/action.yml +++ b/action.yml @@ -851,7 +851,7 @@ runs: # Upload artifacts - pinned by SHA - name: Upload Review Reports (Fast Mode) if: ${{ inputs.upload-reports == 'true' && inputs.pipeline-mode == 'fast' }} - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: code-review-reports-${{ github.run_id }}-${{ github.run_attempt }} path: ${{ inputs.project-path }}/.argus/reviews/ @@ -859,7 +859,7 @@ runs: - name: Upload Pipeline Reports (Full Mode) if: ${{ inputs.upload-reports == 'true' && inputs.pipeline-mode == 'full' }} - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: full-pipeline-reports-${{ github.run_id }}-${{ github.run_attempt }} path: ${{ inputs.project-path }}/.argus/hybrid-results/